Welcome to a special five-part podcast series, sponsored by Exiger, on topics From Third-Party Risk Management to Supply Chain Risk Management: Exiger on the Evolution in Supplier Compliance in COVID. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market’s biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world’s largest banks, Fortune 1000 companies and government agencies and regulators. Over this series, we will put a spotlight on Financial Institutions with Tara Loftus and Samar Pratt; focus on corporations with Aaron Narva and George ‘Ren’ McEachern; consider Federal Government and Supply Chains with Carrie Wibben and Vishnu Anantatmula; review the pillars of good compliance with Brandon Daniels and Carrie Wibben; and end with a review of third-party risk management solutions with Erika Peters and Skyler Chi.
In this Part 2, we put a spotlight on corporations and their challenges in managing third parties and with Supply Chain risk management. In this exploration I am joined by George ‘Ren’ McEachern, a Managing Director based in Exiger’s Silver Spring (DC Metro) office where he focuses on leading anti-bribery investigations and assisting multinational corporations and financial institutions with regulatory risk management. Also joining me in this episode is Aaron Narva, Head of Corporate Markets, based in Exiger’s New York office. He leads the development and delivery of Exiger’s purpose-built AI-powered solutions for anti-bribery and corruption compliance. While at Exiger, Aaron has conducted in-depth testing and review of complex financial institution compliance and anti-money laundering (AML) programs both in the US and abroad. His experience includes detailed assessment of transactions, customer due diligence, and policies and procedures. He also helped to design and develop Exiger Diligence, the investigative due diligence arm of Exiger.
We began by noting that even in mid-2020 third parties still represent some of the greatest challenges in anti-corruption compliance. McEachern went a step further, stating “it’s gotten even more challenging under the COVID crisis. I actually think there should be almost a new label for third parties during this, it’s called COVID Third Parties.” This is because of the speed in which business now moves, a company must be ready to accelerate its entire third-party risk management process. Also, many companies may be required to onboard companies into industries they may not be that familiar with. Finally, the trade issues which have been brought to the fore under the Trump Administration has made onboarding and monitoring on an almost continuous basis nearly mandatory.
Narva focused on “risks at the margin” and why they have taken on such heightened importance. Narva believes, “the expectation is that you have a reasonable pool of data in which you are able to look for and identify risk for these people and companies.” Moreover, when it comes to identifying crucial risk information, whether it’s allegations of corruption, human trafficking in a foreign language or even an obscure regulatory release issued by a regulator; Narva stated, “these things have historically been very difficult to find at scale because of a cost limitations.” However, he believes that regulators now expect that type of rigor across third party populations and supply chains.
We next turned to the 2020 Update to the Evaluation of Corporate Compliance Programs and the FCPA Resource Guide, 2nd edition. McEachern felt there were three key takeaways from these two documents. First, resources and people matter in an organization when it comes to supporting a robust compliance program. This means “where are they spending money? Are they bringing the right people on? Are they the right resource folks?” become key questions. Second is the re-emphasis on investigations, specifically including root cause analysis. The third, and perhaps most important takeaway, was what did you do with the information you developed in the investigation and root cause analysis? Here McEachern suggested such questions as, “What are you doing to improve your compliance program after you conducted this examination? How is that going to help the company look at risk differently? How are you going to mitigate risk differently?” he concluded by noting that investigations and root cause analysis can be “very helpful for how your organization functions as a compliance program and also can show to the regulatory bodies that, “Hey, look, we had a problem. We investigated. We escalated correctly. We learned from those lessons. We made our program stronger.” That is a key distinction, in the guidance it is really a smart way to think about taking an investigation and making something better at it.”
Narva concluded with a few thoughts on the increased importance of internal investigations and how, in many ways, they will set ethical business standards for corporations. This is because the perceptions of a company’s products are harmed by bad news about supply chain as much as bad news about the company itself, even when the quality of the product is not affected. As Narva noted, “Who else but the chief acting compliance officers would be responsible for this?” He tempered this by concluding, “the great thing is now there is a set of tools and technology that can basically change the state of compliance from a roadblock or an impediment to business to a business accelerator which informs in a deeper way that compliance can protect a company when it operates in a much more ethical fashion.”
Join us tomorrow where we consider areas some of the challenges the Federal Government has on Supply Chain risk management.
For more information on Exiger, click here.
For more information on George ‘Ren’ McEachern, click here.
For more information on Aaron Narva, click here.